slsa-github-generator

[feature] e2e tests for overwrite of builder repo

Open laurentsimon opened this issue 3 years ago • 0 comments

We need one e2e test for https://github.com/slsa-framework/slsa-github-generator/issues/880, i.e. to verify that a malicious artifact cannot overwrite the builder repo. Let's start with pre-submits. It should be possible to check for:

  • existing file
  • existing folder
  • name matching

laurentsimon, Oct 19 '22 09:10